Merge pull request #2531 from munnerz/move-organizations

v1alpha3: move Organization field into X509Subject as Organizations
2020-01-29 10:17:54 +00:00 · 2020-01-29 10:17:54 +00:00 · 33051b0c66
commit 33051b0c66
parent 7eacbd2eb9 877e1dd672
11 changed files with 145 additions and 63 deletions
--- a/pkg/apis/certmanager/v1alpha3/types_certificate.go
+++ b/pkg/apis/certmanager/v1alpha3/types_certificate.go
@ -82,10 +82,6 @@ type CertificateSpec struct {
 	// +optional
 	CommonName string `json:"commonName,omitempty"`

-	// Organization is the organization to be used on the Certificate
-	// +optional
-	Organization []string `json:"organization,omitempty"`
-
 	// Certificate default Duration
 	// +optional
 	Duration *metav1.Duration `json:"duration,omitempty"`
@ -151,6 +147,9 @@ type CertificateSpec struct {

 // X509Subject Full X509 name specification
 type X509Subject struct {
+	// Organizations to be used on the Certificate.
+	// +optional
+	Organizations []string `json:"organizations,omitempty"`
 	// Countries to be used on the Certificate.
 	// +optional
 	Countries []string `json:"countries,omitempty"`
--- a/pkg/apis/certmanager/v1alpha3/zz_generated.deepcopy.go
+++ b/pkg/apis/certmanager/v1alpha3/zz_generated.deepcopy.go
@ -282,11 +282,6 @@ func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 		*out = new(X509Subject)
 		(*in).DeepCopyInto(*out)
 	}
-	if in.Organization != nil {
-		in, out := &in.Organization, &out.Organization
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
 	if in.Duration != nil {
 		in, out := &in.Duration, &out.Duration
 		*out = new(v1.Duration)
@ -761,6 +756,11 @@ func (in *VenafiTPP) DeepCopy() *VenafiTPP {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *X509Subject) DeepCopyInto(out *X509Subject) {
 	*out = *in
+	if in.Organizations != nil {
+		in, out := &in.Organizations, &out.Organizations
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	if in.Countries != nil {
 		in, out := &in.Countries, &out.Countries
 		*out = make([]string, len(*in))
--- a/pkg/internal/apis/certmanager/types_certificate.go
+++ b/pkg/internal/apis/certmanager/types_certificate.go
@ -72,10 +72,6 @@ type CertificateSpec struct {
 	// +optional
 	CommonName string `json:"commonName,omitempty"`

-	// Organization is the organization to be used on the Certificate
-	// +optional
-	Organization []string `json:"organization,omitempty"`
-
 	// Certificate default Duration
 	// +optional
 	Duration *metav1.Duration `json:"duration,omitempty"`
@ -141,6 +137,9 @@ type CertificateSpec struct {

 // X509Subject Full X509 name specification
 type X509Subject struct {
+	// Organizations to be used on the Certificate.
+	// +optional
+	Organizations []string `json:"organizations,omitempty"`
 	// Countries to be used on the Certificate.
 	// +optional
 	Countries []string `json:"countries,omitempty"`
--- a/pkg/internal/apis/certmanager/v1alpha2/BUILD.bazel
+++ b/pkg/internal/apis/certmanager/v1alpha2/BUILD.bazel
@ -3,6 +3,7 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library")
 go_library(
    name = "go_default_library",
    srcs = [
+        "conversion.go",
        "defaults.go",
        "doc.go",
        "register.go",
--- a/pkg/internal/apis/certmanager/v1alpha2/conversion.go
+++ b/pkg/internal/apis/certmanager/v1alpha2/conversion.go
@ -0,0 +1,58 @@
+/*
+Copyright 2019 The Jetstack cert-manager contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	"k8s.io/apimachinery/pkg/conversion"
+
+	"github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha2"
+	"github.com/jetstack/cert-manager/pkg/internal/apis/certmanager"
+)
+
+func Convert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in *v1alpha2.CertificateSpec, out *certmanager.CertificateSpec, s conversion.Scope) error {
+	if err := autoConvert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in, out, s); err != nil {
+		return err
+	}
+
+	if len(in.Organization) > 0 {
+		if out.Subject == nil {
+			out.Subject = &certmanager.X509Subject{}
+		}
+
+		out.Subject.Organizations = in.Organization
+	}
+
+	return nil
+}
+
+func Convert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(in *certmanager.CertificateSpec, out *v1alpha2.CertificateSpec, s conversion.Scope) error {
+	if err := autoConvert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(in, out, s); err != nil {
+		return err
+	}
+
+	if in.Subject != nil {
+		out.Organization = in.Subject.Organizations
+	} else {
+		out.Organization = nil
+	}
+
+	return nil
+}
+
+func Convert_certmanager_X509Subject_To_v1alpha2_X509Subject(in *certmanager.X509Subject, out *v1alpha2.X509Subject, s conversion.Scope) error {
+	return autoConvert_certmanager_X509Subject_To_v1alpha2_X509Subject(in, out, s)
+}
--- a/pkg/internal/apis/certmanager/v1alpha2/zz_generated.conversion.go
+++ b/pkg/internal/apis/certmanager/v1alpha2/zz_generated.conversion.go
@ -131,16 +131,6 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*v1alpha2.CertificateSpec)(nil), (*certmanager.CertificateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(a.(*v1alpha2.CertificateSpec), b.(*certmanager.CertificateSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*certmanager.CertificateSpec)(nil), (*v1alpha2.CertificateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(a.(*certmanager.CertificateSpec), b.(*v1alpha2.CertificateSpec), scope)
-	}); err != nil {
-		return err
-	}
 	if err := s.AddGeneratedConversionFunc((*v1alpha2.CertificateStatus)(nil), (*certmanager.CertificateStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha2_CertificateStatus_To_certmanager_CertificateStatus(a.(*v1alpha2.CertificateStatus), b.(*certmanager.CertificateStatus), scope)
 	}); err != nil {
@ -316,11 +306,21 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*certmanager.X509Subject)(nil), (*v1alpha2.X509Subject)(nil), func(a, b interface{}, scope conversion.Scope) error {
+	if err := s.AddConversionFunc((*certmanager.CertificateSpec)(nil), (*v1alpha2.CertificateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(a.(*certmanager.CertificateSpec), b.(*v1alpha2.CertificateSpec), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddConversionFunc((*certmanager.X509Subject)(nil), (*v1alpha2.X509Subject)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_certmanager_X509Subject_To_v1alpha2_X509Subject(a.(*certmanager.X509Subject), b.(*v1alpha2.X509Subject), scope)
 	}); err != nil {
 		return err
 	}
+	if err := s.AddConversionFunc((*v1alpha2.CertificateSpec)(nil), (*certmanager.CertificateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(a.(*v1alpha2.CertificateSpec), b.(*certmanager.CertificateSpec), scope)
+	}); err != nil {
+		return err
+	}
 	return nil
 }

@ -406,7 +406,17 @@ func Convert_certmanager_CertificateCondition_To_v1alpha2_CertificateCondition(i

 func autoConvert_v1alpha2_CertificateList_To_certmanager_CertificateList(in *v1alpha2.CertificateList, out *certmanager.CertificateList, s conversion.Scope) error {
 	out.ListMeta = in.ListMeta
-	out.Items = *(*[]certmanager.Certificate)(unsafe.Pointer(&in.Items))
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]certmanager.Certificate, len(*in))
+		for i := range *in {
+			if err := Convert_v1alpha2_Certificate_To_certmanager_Certificate(&(*in)[i], &(*out)[i], s); err != nil {
+				return err
+			}
+		}
+	} else {
+		out.Items = nil
+	}
 	return nil
 }

@ -417,7 +427,17 @@ func Convert_v1alpha2_CertificateList_To_certmanager_CertificateList(in *v1alpha

 func autoConvert_certmanager_CertificateList_To_v1alpha2_CertificateList(in *certmanager.CertificateList, out *v1alpha2.CertificateList, s conversion.Scope) error {
 	out.ListMeta = in.ListMeta
-	out.Items = *(*[]v1alpha2.Certificate)(unsafe.Pointer(&in.Items))
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]v1alpha2.Certificate, len(*in))
+		for i := range *in {
+			if err := Convert_certmanager_Certificate_To_v1alpha2_Certificate(&(*in)[i], &(*out)[i], s); err != nil {
+				return err
+			}
+		}
+	} else {
+		out.Items = nil
+	}
 	return nil
 }

@ -569,9 +589,17 @@ func Convert_certmanager_CertificateRequestStatus_To_v1alpha2_CertificateRequest
 }

 func autoConvert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in *v1alpha2.CertificateSpec, out *certmanager.CertificateSpec, s conversion.Scope) error {
-	out.Subject = (*certmanager.X509Subject)(unsafe.Pointer(in.Subject))
+	if in.Subject != nil {
+		in, out := &in.Subject, &out.Subject
+		*out = new(certmanager.X509Subject)
+		if err := Convert_v1alpha2_X509Subject_To_certmanager_X509Subject(*in, *out, s); err != nil {
+			return err
+		}
+	} else {
+		out.Subject = nil
+	}
 	out.CommonName = in.CommonName
-	out.Organization = *(*[]string)(unsafe.Pointer(&in.Organization))
+	// WARNING: in.Organization requires manual conversion: does not exist in peer-type
 	out.Duration = (*v1.Duration)(unsafe.Pointer(in.Duration))
 	out.RenewBefore = (*v1.Duration)(unsafe.Pointer(in.RenewBefore))
 	out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames))
@ -590,15 +618,17 @@ func autoConvert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in *v1a
 	return nil
 }

-// Convert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec is an autogenerated conversion function.
-func Convert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in *v1alpha2.CertificateSpec, out *certmanager.CertificateSpec, s conversion.Scope) error {
-	return autoConvert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in, out, s)
-}
-
 func autoConvert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(in *certmanager.CertificateSpec, out *v1alpha2.CertificateSpec, s conversion.Scope) error {
-	out.Subject = (*v1alpha2.X509Subject)(unsafe.Pointer(in.Subject))
+	if in.Subject != nil {
+		in, out := &in.Subject, &out.Subject
+		*out = new(v1alpha2.X509Subject)
+		if err := Convert_certmanager_X509Subject_To_v1alpha2_X509Subject(*in, *out, s); err != nil {
+			return err
+		}
+	} else {
+		out.Subject = nil
+	}
 	out.CommonName = in.CommonName
-	out.Organization = *(*[]string)(unsafe.Pointer(&in.Organization))
 	out.Duration = (*v1.Duration)(unsafe.Pointer(in.Duration))
 	out.RenewBefore = (*v1.Duration)(unsafe.Pointer(in.RenewBefore))
 	out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames))
@ -617,11 +647,6 @@ func autoConvert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(in *cer
 	return nil
 }

-// Convert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec is an autogenerated conversion function.
-func Convert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(in *certmanager.CertificateSpec, out *v1alpha2.CertificateSpec, s conversion.Scope) error {
-	return autoConvert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(in, out, s)
-}
-
 func autoConvert_v1alpha2_CertificateStatus_To_certmanager_CertificateStatus(in *v1alpha2.CertificateStatus, out *certmanager.CertificateStatus, s conversion.Scope) error {
 	out.Conditions = *(*[]certmanager.CertificateCondition)(unsafe.Pointer(&in.Conditions))
 	out.LastFailureTime = (*v1.Time)(unsafe.Pointer(in.LastFailureTime))
@ -1087,6 +1112,7 @@ func Convert_v1alpha2_X509Subject_To_certmanager_X509Subject(in *v1alpha2.X509Su
 }

 func autoConvert_certmanager_X509Subject_To_v1alpha2_X509Subject(in *certmanager.X509Subject, out *v1alpha2.X509Subject, s conversion.Scope) error {
+	// WARNING: in.Organizations requires manual conversion: does not exist in peer-type
 	out.Countries = *(*[]string)(unsafe.Pointer(&in.Countries))
 	out.OrganizationalUnits = *(*[]string)(unsafe.Pointer(&in.OrganizationalUnits))
 	out.Localities = *(*[]string)(unsafe.Pointer(&in.Localities))
@ -1096,8 +1122,3 @@ func autoConvert_certmanager_X509Subject_To_v1alpha2_X509Subject(in *certmanager
 	out.SerialNumber = in.SerialNumber
 	return nil
 }
-
-// Convert_certmanager_X509Subject_To_v1alpha2_X509Subject is an autogenerated conversion function.
-func Convert_certmanager_X509Subject_To_v1alpha2_X509Subject(in *certmanager.X509Subject, out *v1alpha2.X509Subject, s conversion.Scope) error {
-	return autoConvert_certmanager_X509Subject_To_v1alpha2_X509Subject(in, out, s)
-}
--- a/pkg/internal/apis/certmanager/v1alpha3/zz_generated.conversion.go
+++ b/pkg/internal/apis/certmanager/v1alpha3/zz_generated.conversion.go
@ -571,7 +571,6 @@ func Convert_certmanager_CertificateRequestStatus_To_v1alpha3_CertificateRequest
 func autoConvert_v1alpha3_CertificateSpec_To_certmanager_CertificateSpec(in *v1alpha3.CertificateSpec, out *certmanager.CertificateSpec, s conversion.Scope) error {
 	out.Subject = (*certmanager.X509Subject)(unsafe.Pointer(in.Subject))
 	out.CommonName = in.CommonName
-	out.Organization = *(*[]string)(unsafe.Pointer(&in.Organization))
 	out.Duration = (*v1.Duration)(unsafe.Pointer(in.Duration))
 	out.RenewBefore = (*v1.Duration)(unsafe.Pointer(in.RenewBefore))
 	out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames))
@ -598,7 +597,6 @@ func Convert_v1alpha3_CertificateSpec_To_certmanager_CertificateSpec(in *v1alpha
 func autoConvert_certmanager_CertificateSpec_To_v1alpha3_CertificateSpec(in *certmanager.CertificateSpec, out *v1alpha3.CertificateSpec, s conversion.Scope) error {
 	out.Subject = (*v1alpha3.X509Subject)(unsafe.Pointer(in.Subject))
 	out.CommonName = in.CommonName
-	out.Organization = *(*[]string)(unsafe.Pointer(&in.Organization))
 	out.Duration = (*v1.Duration)(unsafe.Pointer(in.Duration))
 	out.RenewBefore = (*v1.Duration)(unsafe.Pointer(in.RenewBefore))
 	out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames))
@ -1071,6 +1069,7 @@ func Convert_certmanager_VenafiTPP_To_v1alpha3_VenafiTPP(in *certmanager.VenafiT
 }

 func autoConvert_v1alpha3_X509Subject_To_certmanager_X509Subject(in *v1alpha3.X509Subject, out *certmanager.X509Subject, s conversion.Scope) error {
+	out.Organizations = *(*[]string)(unsafe.Pointer(&in.Organizations))
 	out.Countries = *(*[]string)(unsafe.Pointer(&in.Countries))
 	out.OrganizationalUnits = *(*[]string)(unsafe.Pointer(&in.OrganizationalUnits))
 	out.Localities = *(*[]string)(unsafe.Pointer(&in.Localities))
@ -1087,6 +1086,7 @@ func Convert_v1alpha3_X509Subject_To_certmanager_X509Subject(in *v1alpha3.X509Su
 }

 func autoConvert_certmanager_X509Subject_To_v1alpha3_X509Subject(in *certmanager.X509Subject, out *v1alpha3.X509Subject, s conversion.Scope) error {
+	out.Organizations = *(*[]string)(unsafe.Pointer(&in.Organizations))
 	out.Countries = *(*[]string)(unsafe.Pointer(&in.Countries))
 	out.OrganizationalUnits = *(*[]string)(unsafe.Pointer(&in.OrganizationalUnits))
 	out.Localities = *(*[]string)(unsafe.Pointer(&in.Localities))
--- a/pkg/internal/apis/certmanager/validation/certificate_for_issuer.go
+++ b/pkg/internal/apis/certmanager/validation/certificate_for_issuer.go
@ -51,8 +51,8 @@ func ValidateCertificateForACMEIssuer(crt *cmapi.CertificateSpec, issuer *cmapi.
 		el = append(el, field.Invalid(specPath.Child("isCA"), crt.KeyAlgorithm, "ACME does not support CA certificates"))
 	}

-	if len(crt.Organization) != 0 {
-		el = append(el, field.Invalid(specPath.Child("organization"), crt.Organization, "ACME does not support setting the organization name"))
+	if crt.Subject != nil && len(crt.Subject.Organizations) != 0 {
+		el = append(el, field.Invalid(specPath.Child("subject", "organizations"), crt.Subject.Organizations, "ACME does not support setting the organization name"))
 	}

 	if crt.Duration != nil {
@ -73,8 +73,8 @@ func ValidateCertificateForVaultIssuer(crt *cmapi.CertificateSpec, issuer *cmapi
 		el = append(el, field.Invalid(specPath.Child("isCA"), crt.KeyAlgorithm, "Vault issuer does not currently support CA certificates"))
 	}

-	if len(crt.Organization) != 0 {
-		el = append(el, field.Invalid(specPath.Child("organization"), crt.Organization, "Vault issuer does not currently support setting the organization name"))
+	if crt.Subject != nil && len(crt.Subject.Organizations) != 0 {
+		el = append(el, field.Invalid(specPath.Child("subject", "organizations"), crt.Subject.Organizations, "Vault issuer does not currently support setting the organization name"))
 	}

 	return el
--- a/pkg/internal/apis/certmanager/validation/certificate_for_issuer_test.go
+++ b/pkg/internal/apis/certmanager/validation/certificate_for_issuer_test.go
@ -82,13 +82,15 @@ func TestValidateCertificateForIssuer(t *testing.T) {
 		"acme certificate with organization set": {
 			crt: &cmapi.Certificate{
 				Spec: cmapi.CertificateSpec{
-					Organization: []string{"shouldfailorg"},
-					IssuerRef:    validIssuerRef,
+					Subject: &cmapi.X509Subject{
+						Organizations: []string{"shouldfailorg"},
+					},
+					IssuerRef: validIssuerRef,
 				},
 			},
 			issuer: acmeIssuer,
 			errs: []*field.Error{
-				field.Invalid(fldPath.Child("organization"), []string{"shouldfailorg"}, "ACME does not support setting the organization name"),
+				field.Invalid(fldPath.Child("subject", "organizations"), []string{"shouldfailorg"}, "ACME does not support setting the organization name"),
 			},
 		},
 		"acme certificate with duration set": {
--- a/pkg/internal/apis/certmanager/validation/certificate_test.go
+++ b/pkg/internal/apis/certmanager/validation/certificate_test.go
@ -82,10 +82,12 @@ func TestValidateCertificate(t *testing.T) {
 		"valid with org set": {
 			cfg: &cmapi.Certificate{
 				Spec: cmapi.CertificateSpec{
-					CommonName:   "testcn",
-					SecretName:   "abc",
-					Organization: []string{"testorg"},
-					IssuerRef:    validIssuerRef,
+					CommonName: "testcn",
+					SecretName: "abc",
+					Subject: &cmapi.X509Subject{
+						Organizations: []string{"testorg"},
+					},
+					IssuerRef: validIssuerRef,
 				},
 			},
 		},
--- a/pkg/internal/apis/certmanager/zz_generated.deepcopy.go
+++ b/pkg/internal/apis/certmanager/zz_generated.deepcopy.go
@ -282,11 +282,6 @@ func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 		*out = new(X509Subject)
 		(*in).DeepCopyInto(*out)
 	}
-	if in.Organization != nil {
-		in, out := &in.Organization, &out.Organization
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
 	if in.Duration != nil {
 		in, out := &in.Duration, &out.Duration
 		*out = new(v1.Duration)
@ -761,6 +756,11 @@ func (in *VenafiTPP) DeepCopy() *VenafiTPP {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *X509Subject) DeepCopyInto(out *X509Subject) {
 	*out = *in
+	if in.Organizations != nil {
+		in, out := &in.Organizations, &out.Organizations
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	if in.Countries != nil {
 		in, out := &in.Countries, &out.Countries
 		*out = make([]string, len(*in))